Static Analysis of HIPPA Security Requirements in Electronic Health Record Applications

摘要

Electronic Health Records (EHRs) are digital versions of paper-based patient's health information. EHR applications are increasingly being adopted in many countries. They have resulted in improved quality in healthcare, convenient access to histories of patient medication and clinic visits, easier follow up of patient treatment plans, and precise medical decision-making process. EHR applications are guided by measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. However, there have been reported breaches of Protected Health Identifier (PHI) data stored by EHR applications. In many reported breaches, improper use of EHRs has resulted in disclosure of patient's PHI data. Inefficient application design threatens the integrity of EHRs, which leads to fraud and endangering patient's health. The goal of this paper is to identify HIPAA technical requirements, evaluate an open source EHR application (OpenEMR) for security vulnerabilities using an open-source scanner tool (RIPS), and map identified vulnerabilities to HIPAA technical requirements.